The Scottish Business Resilience Centre conference on The Enemy Within in Edinburgh on 12th February will cover many ways of protecting your business however there are some basic but often overlooked ways to help protect your business from leakage of valuable information.
Most people are honest but may be careless or misunderstand the consequences of discussing certain business issues and this can be a particular issue with staff coming from academia or a different industry with different practices. It is worthwhile having a formal induction process for new staff in which you explain the company’s confidentiality procedures. Understanding why not everyone is granted access to every piece of company information and the need for a planned release of information tends to ensure greater compliance and care. Regular staff meetings therafter ensure people engage with the company and its goals.
Staff and consultancy contracts and shareholder agreements in small companies usually contain confidentiality clauses but do not forget your non executive directors (NEDS). All confidentiality clauses involving individuals who may visit your site should cover not just materials deliberately handed to them but also information obtained visually on your premises. Senior staff and directors may have obligations to the company implied by law but these may not be as extensive as you might expect so if you want to be safe spell out what you feel is appropriate for your business in a service contract. You might also consider a clause allowing immediate termination if a NED takes on a project or directorship with a potential competior. Take care with investment agreements that have wide exceptions to the usual non disclosure obligations – you need to consider how you handle these situations.
You should be looking at how you communicate with NEDS and consultants and in particular the security of the electronic systems that they use. Do you include their security policies when you conduct pre engagement audits of a consultant or other collaborator? Are your own computer back ups secure? How are sensitive documents stored and accessed. If you have a “need to know” policy does that mean disclosure only to those who need it to do their job or does it include everyone of a particular seniority. What about their secretaries? If you exchange information under a CDA with a collaborator do you have a detailed list of what has been sent or received? How do you manage this material and the associated relationship?
Finally it is useful when staff leave to conduct an exit interview to remind them of their continuing obligations and to recover all company material from their possession. Garden leave is another useful tool if permitted by contract to keep departing staff away from the latest company developments. If they are joining a competitor a letter to the competitor advising them of the employee’s on going obligations and requesting that they are not put in a compromising position may also act as both a reminder and a deterrent ..
By Patricia Barclay